Lucene search
K

15 matches found

Vulnrichment
Vulnrichment
added 2025/11/25 12:0 a.m.7 views

CVE-2025-60739

Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...

7.4AI score0.00276EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/11/21 12:18 a.m.18 views

CVE-2025-60738

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 20250721 and before allows a remote attacker to execute arbitrary code via the ping.php component does not perform secure filtering on IP parameters...

9.8CVSS8AI score0.00916EPSS
Exploits2References1
OSV
OSV
added 2025/11/20 4:15 p.m.3 views

CVE-2025-60738

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 20250721 and before allows a remote attacker to execute arbitrary code via the ping.php component does not perform secure filtering on IP parameters...

9.8CVSS6.1AI score0.00916EPSS
Exploits2References1
CVE
CVE
added 2025/11/20 12:0 a.m.18 views

CVE-2025-60737

CVE-2025-60737 concerns a Cross Site Scripting vulnerability in the Ilevia EVE X1 Server Firmware (versions <= 4.7.18.0.eden:Logic

6.1CVSS6.8AI score0.00276EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/10/16 5:56 p.m.10 views

CVE-2025-34517 Ilevia EVE X1 Server 4.7.18.0.eden Absolute Path Traversal

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...

8.7CVSS0.00599EPSS
Exploits3References3
EUVD
EUVD
added 2025/10/16 5:56 p.m.5 views

EUVD-2025-34809

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...

8.7CVSS6.4AI score0.00599EPSS
Exploits3References5
CVE
CVE
added 2025/10/16 5:56 p.m.16 views

CVE-2025-34517

Ilevia EVE X1 Server firmware

8.7CVSS6.5AI score0.00599EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2025/10/16 5:56 p.m.9 views

CVE-2025-34514 Ilevia EVE X1 Server 4.7.18.0.eden Authenticated Command Injection

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec and allow an authenticated attacker to execute arbitrary commands. Ilevia has declined to service this vulnerability, and...

8.7CVSS0.02071EPSS
Exploits3References3
Cvelist
Cvelist
added 2025/10/16 5:55 p.m.10 views

CVE-2025-34519 Ilevia EVE X1 Server 4.7.18.0.eden Insecure Hashing Algorithm

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...

8.2CVSS0.0028EPSS
Exploits2References3
CVE
CVE
added 2025/10/16 5:55 p.m.13 views

CVE-2025-34512

The CVE-2025-34512 entry affects Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden, with multiple publicly disclosed issues summarized in connected documents: a pre-authentication file disclosure via the db_log POST parameter; an unauthenticated OS command injection in /ajax/php/login.php vi...

6.1CVSS5.9AI score0.00371EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2025/10/16 5:54 p.m.9 views

CVE-2025-34515 Ilevia EVE X1 Server 4.7.18.0.eden Root Privilege Escalation

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in syncproject.sh that allows an attacker to escalate privileges to root. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...

9.3CVSS0.07285EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2025/10/16 5:52 p.m.4 views

CVE-2025-34516

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote access. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...

9.8CVSS5.8AI score0.00533EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2025/10/16 5:52 p.m.4 views

CVE-2025-34516 Ilevia EVE X1 Server 4.7.18.0.eden Use of Default Credentials

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote access. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...

9.3CVSS6.7AI score0.00533EPSS
Exploits2References3
CVE
CVE
added 2025/10/16 5:52 p.m.12 views

CVE-2025-34516

CVE-2025-34516 affects Ilevia EVE X1 Server firmware

9.8CVSS6.7AI score0.00533EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/16 12:0 a.m.8 views

PT-2025-42500

Name of the Vulnerable Software and Affected Versions Ilevia EVE X1 Server firmware versions through 4.7.18.0.eden Description The software contains a reflected cross-site scripting XSS issue in the index.php file. An unauthenticated attacker can leverage this to execute arbitrary code. The vendo...

6.1CVSS5.9AI score0.00371EPSS
Exploits3References10
Rows per page
Query Builder